Data in alerts and events

Event data is saved in binary form in the folder C:\ProgramData\Kaspersky Lab\Endpoint Agent\protected\kata in open non-encrypted form.

By default, only users with System and Administrator permissions have read-access to files when Self-Defense is enabled. When Self-Defense is disabled, users with System and Administrator permissions can also delete the files, modify their contents, and modify the access rights to them. Kaspersky Endpoint Agent component does not manage access permissions to this folder and any files in it. It is the system administrator who determines access permissions.

Event data can contain information related to the following:

See also

Data received from the Central Node component

Data in fields of Windows Event Log events of Kaspersky Endpoint Agent

Data in Kaspersky Endpoint Agent for Windows requests to Kaspersky Anti Targeted Attack Platform

Service data of Kaspersky Endpoint Agent for Windows

Data contained in Kaspersky Endpoint Agent for Windows trace files and dumps

Data sent to Kaspersky if the KSN Statement was accepted

Data contained in task completion reports

Data contained in an install log

Data on files that are blocked from starting

Data related to the performance of tasks

Page top